I can't even build openssl-fips.1.1.1 if the "shared" option is
specified. I had to remove it as you (Bill) did for the openssl-0.9.7m.
My build host is an oldish Debian (Woody) PowerPC box.
$ uname -a
Linux larabee 2.4.25-powerpc #1 mer avr 14 15:38:38 CEST 2004 ppc unknown
Why does "shared" cause things to barf?
It seems the build system does not append the -lcrypto to find the
necessary library functions. Is this a bug ???
But as I have just read, it seems the Security Policy mandates only the
"fips" option be supplied to be FIPS140 compliant.
What about directory directives, such as --prefix, --openssldir,
--install_prefix ???
Having built without the shared option, I notice that only static
libraries are created. But we have applications that have previously
linked with shared libraries.
Are shared libraries supposed to be generated for a fips build?
I could build without the fips parameter, but I need one of the RSA Key
Gen functions (RSA_X931_generate_keys()) that is encapsulated in a
#ifdef OPENSSL_FIPS statement.
I guess one solution maybe to use "shared" but not "fips" and supply
"-DOPENSSL_FIPS".
Would that work ???
Suggestions welcome :)
Cheers, Brendan.
Bill Colvin wrote:
Sorry for previous post. All worked fine with the shared term removed
from the config line using openssl-0.9.7m.
Steps I used are as follows:
cd /usr/src
tar -xvf openssl-fips-1.1.1.tar.gz
cd openssl-fips-1.1.1
./config fips
make
make install
cd ..
rm -rf openssl-fips-1.1.1
tar -xvf openssl-0.9.7m.tar.gz
cd openssl-0.9.7m
./config fips --openssldir=/etc/ssl --prefix=/usr zlib-dynamic \
no-idea no-mdc2 no-rc5
make depend
make MANDIR=/usr/share/man
make MANDIR=/usr/share/man install
Bill
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]